Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability

This month marks the two-year anniversary of the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems.

The potential damage of the newly discovered RDP vulnerability matches the dangers we experienced with the WannaCry ransomware, malware that used weaponized vulnerabilities to infect systems across the globe, basically acting as a worm. This RDP vulnerability allows attackers to execute code on the targeted system without needing to infect the system first.

So, worst-case scenario? A WannaCry wannabe will quickly spread malware across the world, exploiting vulnerable systems and sending everyone into a panic.

How to patch the vulnerability

So how do you fix this? Luckily, Microsoft has released patches for vulnerable operating systems, which include most operating systems pre-Windows 8:

However, if you are unable to enable automatic updates, or you are still running Windows XP and/or Windows Server 2003, you’ll need to download the patch and manually execute it.

For those of you who need to update manually, just click on the operating system you are working with and you’ll be taken to the Microsoft patch download page, which has the patches you need to download.

Very important security update for Windows CVE-2018-0708 allows remote, unauthenticated code execution in RDP (Remote Desktop). A very bad thing you should patch against. Around 3 million RDP endpoints are directly exposed to internet. https://t.co/EAdg3VNMjw pic.twitter.com/u2V3uyoyVs

The incident with WannaCry in 2017 has forever changed the perception of how to launch an effective attack against a large portion of the world. We’ve observed exploits used by this threat in modern commercial malware, such as Emotet and TrickBot.

It would not be out of the realm of possibility that within the next few weeks, this vulnerability will be weaponized and used against consumers and businesses who fail to patch and protect their networks. Don’t be a statistic. Protect your machines, data, networks, and users right now.